

Medical Information System Security Policy

Introduction
IHVN, as a public health institution, collects and accesses information that opens up opportunities but also confronts it with a number of challenges. The availability of the internet has given hackers, virus developers and criminals an opening to attack free and open networks. Routine activities depend on a secure environment, and the protection of patient information systems is indispensable. The medical information security policy is developed for the health sector as a framework for managing risk at different levels. The BMA model is adopted because it is a multilateral security model implemented for medical information systems (Anderson, 2008).

Objectives
The aim of the security policy is to ensure that adequate measures are put in place to secure information systems and stored information against anything that might have an adverse effect on daily operations, including infrastructure. A secondary aim of the policy is to create awareness of information security matters among all staff of the institute.

Scope
This policy covers the protection of the following:
• Confidentiality: ensuring that information and systems are accessible only to authorized users.
• Integrity: preserving the accuracy and completeness of information and processing procedures.
• Availability: ensuring that authorized users have access to information and systems when required.

Policy
The policy shall apply to the following:
• Infrastructure: all information systems, including computers, network and telecommunication equipment, owned by the institution and connected through its network.
• Software: all software, including operating systems, network services and application software, installed on systems in the institute.
• Information and databases: all information stored on the relevant systems of the organization.
Approach:
• The Health Insurance Portability and Accountability Act is the most effective tool for a balanced security rule that guards information systems, and it will be used as the guiding policy for handling security in the institute (AL Faresi, Wijesekera and Moidu, 2010).
• The policy will conform to all legal and regulatory requirements, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA) (Kiel, 2012; Voos and Park, 2014).
Responsibilities:
• The management is responsible and accountable for ensuring that the objectives of the security policy are met.
• All users of the institute’s information systems are accountable for protecting information. They must at all times act in a responsible, professional, honest and security-conscious manner, maintaining an awareness of and conformity with the security policy.
• The health informatics department is responsible for advising users on security issues, preventing, monitoring and investigating security incidents.
• At all times, users should report any breach of the security policy or any suspected act to the Health Informatics Health desk through [email protected], in accordance with the data security policy of the institute.

Practices:
This policy will be reviewed every twelve months to accommodate technological improvements and to determine whether it is still up to date with the evolving requirements of the system.

Awareness:
This policy will be publicized by the Health Informatics Department, including standards and guidelines, to all staff and interns in the institute. Seminars, training and published manuals will be provided to the many users to create security awareness.
Enforcement
Any user or system administrator found to have violated the security policy may be subject to disciplinary action or termination of his or her appointment.

References
Anderson, R. (2008) ‘Security Engineering’, John Wiley & Sons. doi: 10.1093/epirev/mxr031.
AL Faresi, A., Wijesekera, D. and Moidu, K. (2010) ‘A comprehensive privacy-aware authorization framework founded on HIPAA privacy rules’, Proceedings of the ACM international conference on Health informatics – IHI ’10. doi: 10.1145/1882992.1883093.
Kiel, J. M. (2012) ‘HIPAA and its effect on informatics’, CIN – Computers Informatics Nursing. doi: 10.1097/NCN.0b013e31823ea54e.
Voos, K. C. and Park, N. (2014) ‘Implementing an open unit policy in a neonatal intensive care unit: Nurses’ and parents’ perceptions’, Journal of Perinatal and Neonatal Nursing. doi: 10.1097/JPN.0000000000000055.